The session concept is managed by the server. When the first request comes
from a browser on a new host, the server makes the beginning a new session,
and assigns a new session ID. The session ID will be then send to the browser
as cookie. The browser will remember this ID, and send the ID back to the
server in the subsequent requests. When the server receives a request with
session ID in them, it knows this is a continuation of an existing session.

When the server receives a request from a browser on a new host (request
without a session ID), the server not only creates a new session ID, it also
creates a new session object associated with the session ID. See the next section for details.

If there is no subsequent request coming back for a long time for a particular
session ID, that session will be timed out. After the session has been timed out,
if the browser comes back again with the associated session ID, the server will give
an invalid session error.

You will also get an invalid session error, if the browser send a request with
a session ID associated with a session which has been terminated by a ASP page
with session.Abandon() method.

The "session" Object

session: An object provided by the server to hold information and methods
common to all ASP pages running under one session.

Contents: A collection object acting as a cache for different ASP pages to
share information. Since "Contents" is the default collection, we write
'session.Contents("myVar")' as 'session("myVar")'.

Abandon(): A method to destroy the current session.

SessionID: A read only property to return the id of the current session.

TimeOut: A property to set timeout period on this session.

OnStart(): An event handler to be called when the first HTTP request comes
from a new user.

OnEnd(): An event handler to be called the session is abandoned or timed out.

Passing Values between Pages

There are many ways to pass values from one pages to the next pages:

Putting values into session.Contents.

Putting values into application.Contents.

Putting values at the end of the redirect URL.

In the following example, I have two ASP pages working together as a registration
process. Here is the fist ASP page, reg_form.asp: